Total
2287 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27256 | 1 Idattend | 1 Idweb | 2026-06-17 | N/A | 5.8 MEDIUM |
| Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | |||||
| CVE-2023-27060 | 1 Lightcms Project | 1 Lightcms | 2026-06-17 | N/A | 9.8 CRITICAL |
| LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function. | |||||
| CVE-2023-26580 | 1 Idattend | 1 Idweb | 2026-06-17 | N/A | 7.5 HIGH |
| Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. | |||||
| CVE-2023-26579 | 1 Idattend | 1 Idweb | 2026-06-17 | N/A | 5.3 MEDIUM |
| Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers. | |||||
| CVE-2023-26576 | 1 Idattend | 1 Idweb | 2026-06-17 | N/A | 7.5 HIGH |
| Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | |||||
| CVE-2023-26575 | 1 Idattend | 1 Idweb | 2026-06-17 | N/A | 7.5 HIGH |
| Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. | |||||
| CVE-2023-26574 | 1 Idattend | 1 Idweb | 2026-06-17 | N/A | 7.5 HIGH |
| Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | |||||
| CVE-2023-26573 | 1 Idattend | 1 Idweb | 2026-06-17 | N/A | 8.2 HIGH |
| Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. | |||||
| CVE-2023-26571 | 1 Idattend | 1 Idweb | 2026-06-17 | N/A | 7.5 HIGH |
| Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. | |||||
| CVE-2023-26570 | 1 Idattend | 1 Idweb | 2026-06-17 | N/A | 7.5 HIGH |
| Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | |||||
| CVE-2023-25780 | 1 Status | 1 Powerbpm | 2026-06-17 | N/A | 5.7 MEDIUM |
| It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence. | |||||
| CVE-2023-25589 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2026-06-17 | N/A | 9.8 CRITICAL |
| A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise. | |||||
| CVE-2023-25570 | 1 Apolloconfig | 1 Apollo | 2026-06-17 | N/A | 7.5 HIGH |
| Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers may access eureka directly to mock apollo-configservice and apollo-adminservice. Login authentication for eureka was added in version 2.1.0. As a workaround, avoid exposing apollo-configservice to the internet. | |||||
| CVE-2023-25493 | 2026-06-17 | N/A | 6.7 MEDIUM | ||
| A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-25014 | 1 In2code | 1 Femanager | 2026-06-17 | N/A | 8.6 HIGH |
| An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users. | |||||
| CVE-2023-25013 | 1 In2code | 1 Femanager | 2026-06-17 | N/A | 8.6 HIGH |
| An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users. | |||||
| CVE-2023-24934 | 1 Microsoft | 1 Malware Protection Platform | 2026-06-17 | N/A | 6.2 MEDIUM |
| Microsoft Defender Security Feature Bypass Vulnerability | |||||
| CVE-2023-24527 | 1 Sap | 1 Netweaver As Java For Deploy Service | 2026-06-17 | N/A | 5.3 MEDIUM |
| SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability and integrity. | |||||
| CVE-2023-24526 | 1 Sap | 1 Netweaver Application Server Java | 2026-06-17 | N/A | 5.3 MEDIUM |
| SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user can read non-sensitive server data. | |||||
| CVE-2023-23906 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2026-06-17 | N/A | 7.5 HIGH |
| Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product. | |||||